Upgrading ThreatLockDown agents on Linux systems
Select your package manager and follow the instructions to upgrade the ThreatLockDown agent locally. If you want to perform a remote upgrade, check the Remote agent upgrade section to learn more.
Note
You need root user privileges to run all the commands described below.
Import the GPG key.
# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
Add the ThreatLockDown repository.
# cat > /etc/yum.repos.d/wazuh.repo << EOF [wazuh] gpgcheck=1 gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-\$releasever - Wazuh baseurl=https://packages.wazuh.com/4.x/yum/ protect=1 EOF
Clean the YUM cache.
# yum clean all
Upgrade the ThreatLockDown agent to the latest version.
# yum upgrade wazuh-agent
It is recommended to disable the ThreatLockDown repository in order to avoid undesired upgrades and compatibility issues as the ThreatLockDown agent should always be in the same or an older version than the ThreatLockDown manager.
# sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
Install the GPG key.
# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
Add the ThreatLockDown repository.
# echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
Upgrade the ThreatLockDown agent to the latest version.
# apt-get update # apt-get install wazuh-agent
It is recommended to disable the ThreatLockDown repository in order to avoid undesired upgrades and compatibility issues as the ThreatLockDown agent should always be in the same or an older version than the ThreatLockDown manager. Skip this step if the package is set to a
holdstate.# sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list # apt-get update
Note
For Debian 7, 8, and Ubuntu 14 systems import the GCP key and add the ThreatLockDown repository (steps 1 and 2) using the following commands.
# apt-get install gnupg apt-transport-https
# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
# echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
Import the GPG key.
# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
Add the ThreatLockDown repository.
# cat > /etc/zypp/repos.d/wazuh.repo <<\EOF [wazuh] gpgcheck=1 gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-$releasever - Wazuh baseurl=https://packages.wazuh.com/4.x/yum/ protect=1 EOF
Refresh the repository.
# zypper refresh
Upgrade the ThreatLockDown agent to the latest version.
# zypper update wazuh-agent
It is recommended to disable the ThreatLockDown repository in order to avoid undesired upgrades and compatibility issues as the ThreatLockDown agent should always be in the same or an older version than the ThreatLockDown manager.
# sed -i "s/^enabled=1/enabled=0/" /etc/zypp/repos.d/wazuh.repo
Install the GPG key.
# wget -O /etc/apk/keys/alpine-devel@wazuh.com-633d7457.rsa.pub https://packages.wazuh.com/key/alpine-devel%40wazuh.com-633d7457.rsa.pub
Add the ThreatLockDown repository.
# echo "https://packages.wazuh.com/4.x/alpine/v3.12/main" >> /etc/apk/repositories
Upgrade the ThreatLockDown agent to the latest version.
# apk update # apk add wazuh-agent
It is recommended to disable the ThreatLockDown repository to avoid undesired upgrades and compatibility issues as the ThreatLockDown agent should always be in the same or an older version than the ThreatLockDown manager.
# sed -i "s|^https://packages.wazuh.com|#https://packages.wazuh.com|g" /etc/apk/repositories
Note
When upgrading agents from versions earlier than 4.x, make sure that the communication protocol is compatible. Up to that point, UDP was the default protocol and it was switched to TCP for later versions. Edit the agent configuration file ossec.conf to update the protocol or make sure that your ThreatLockDown manager accepts both protocols.